Windows Kernel Flaws Let Local Users Gain Elevated Privileges and Deny Service
|
|
SecurityTracker Alert ID: 1023850 |
|
SecurityTracker URL: http://securitytracker.com/id/1023850
|
|
CVE Reference:
CVE-2010-0234, CVE-2010-0235, CVE-2010-0236, CVE-2010-0237, CVE-2010-0238, CVE-2010-0481, CVE-2010-0482, CVE-2010-0810
(Links to External Site)
|
Date: Apr 13 2010
|
Impact:
Denial of service via local system, Root access via local system, User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2000 SP4, 2003 SP2, XP SP3, Vista SP2, 2008 SP2, 2008 R2, 7; and prior service packs
|
Description:
Several vulnerabilities were reported in the Windows Kernel. A local user can obtain elevated privileges on the target system. A local user can cause denial of service conditions.
A local user can supply specially crafted registry keys to a Windows kernel system call to cause the target system to become unresponsive and automatically restart [CVE-2010-0234]. Matthew 'j00ru' Jurczyk and Gynvael Coldwind of Hispasec Virustotal reported this vulnerability.
A local user can create specially crafted symbolic links to cause the target system to stop responding [CVE-2010-0235]. Matthew 'j00ru' Jurczyk and Gynvael Coldwind of Hispasec Virustotal reported this vulnerability.
A local user can create a specially crafted symbolic-link type registry key that, when processed by the target system, will execute arbitrary code with System privileges [CVE-2010-0236]. Matthew 'j00ru' Jurczyk and Gynvael Coldwind of Hispasec Virustotal reported this vulnerability.
A local user can traverse symbolic links from untrusted to trusted hives to execute arbitrary code with System privileges [CVE-2010-0237]. Matthew 'j00ru' Jurczyk and Gynvael Coldwind of Hispasec Virustotal reported this vulnerability.
A local user can create a specially crafted registry key to cause the target system to stop responding [CVE-2010-0238]. Matthew 'j00ru' Jurczyk and Gynvael Coldwind of Hispasec Virustotal reported this vulnerability.
A local user can exploit a virtual path validation flaw to cause the target system to stop responding [CVE-2010-0481]. Tavis Ormandy of Google, Inc. reported this vulnerability.
A local user can create a specially crafted image file that, when processed, will cause the target system to stop responding and restart [CVE-2010-0482]. Martin Tofall of Obsidium Software reported this vulnerability.
A local user can create certain exceptions that will not be properly handled by the kernel, causing the target system to stop responding [CVE-2010-0810]. Tavis Ormandy of Google, Inc. reported this vulnerability.
|
Impact:
A local user can obtain elevated privileges on the target system.
A local user can cause the target system to crash.
|
Solution:
The vendor has issued the following fixes:
Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?familyid=C5F4577E-7546-40E9-8BCD-BE11C1B260A6
Windows XP Service Pack 2 and Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=142710FD-9CD4-4DD0-AABA-2AACE03C008F
Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=3C0CB02E-3484-4CDF-8C64-C697AD3E2889
Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=0A7EA2D0-61CE-4B68-AD82-D917B1A56F9D
Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=1FC66F54-260A-4219-A0B4-056BA9DD0ABE
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=8DCB8BE8-FB78-4518-AA7E-F8B17F7DFB86
Windows Vista:
http://www.microsoft.com/downloads/details.aspx?familyid=86D7B054-AF4F-4D8A-9873-CB5246466374
Windows Vista Service Pack 1 and Windows Vista Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=86D7B054-AF4F-4D8A-9873-CB5246466374
Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?familyid=7C84AA24-6331-427A-969C-27F7D39DB3D7
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=7C84AA24-6331-427A-969C-27F7D39DB3D7
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=25E3CE7F-53A0-4049-A65C-011D2143C4C2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=8B99E54D-955B-4A06-9A04-B2F4596EFD72
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=B1F9746D-61A2-406F-B707-60646BD5B5BB
Windows 7 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=FF58D80C-33CE-4D9E-AAA5-0B1841458931
Windows 7 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=7F1DC055-2EC9-407A-9E69-DA12338587E3
Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=28389C1D-2A12-4BEF-A59B-726BB6449C8B
Windows Server 2008 R2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=D4EA3984-5183-47F1-814E-29CB6C90AE06
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms10-021.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms10-021.mspx (Links to External Site)
|
Cause:
Access control error, Input validation error, State error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 13 Apr 2010 18:17:10 +0000
Subject: http://www.microsoft.com/technet/security/bulletin/ms10-021.mspx
|
Microsoft Security Bulletin MS10-021 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)
CVE-2010-0234
CVE-2010-0235
CVE-2010-0236
CVE-2010-0237
CVE-2010-0238
CVE-2010-0481
CVE-2010-0482
CVE-2010-0810
|
|
